FBI vs Android Locks

Hello everybody! My name is Andrew Matsusaka, one of the Winter 2012 UCOSP Team members. Instead of posting about project updates found here I’d like to talk about security today, starting off with the power of Android locking mechanism.

Android devices have a locking mechanism that can be very difficult to break. After a certain number of failed attempts, the user’s Google e-mail address and password is required to access the information. Since so much personal data is stored on these devices, it’s nice to know that even the FBI can’t break in.

According to this article from Wired, the FBI was unable to access a suspects personal data during an investigation. You would think the FBI with all of their expertise in security would be able to access the data through various means. After consulting with several forensic experts, it appears the Android locking system cannot be bypassed through software. The next step would be reaching the data via hardware, however that carries risk of damaging the phone and losing the data itself.

The only way to gain access to that data was by issuing a warrant for data retrieval from Google. Apparently it is fairly common for personal data to be provided to law enforcement for some investigations. Google released a statement saying: “Like all law-abiding companies, we comply with valid legal process. Whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. If we believe a request is overly broad, we will seek to narrow it.”

When mentioning this topic to the rest of the team, Yemi mentioned a program called TrueCrypt that is designed to allow hiding encrypted data while at the same time having legal plausible deniability. For those of you interested in maintaining their data with utmost secrecy may want to give this program a try.

The subject of online security is becoming a bigger concern as technology becomes a larger part of our lives. Just to give you a jump start, an article by LifeHacker called How to Stay Secure Online covers basic steps many of us should be taking when using the Internet.

On another note, just to put some faces to our developers for this Winter 2012 UCOSP team, I found a picture taken of us during the Vancouver code sprint.